UW-IMAP Newbie can't log into new server

UW-IMAP Newbie can't log into new server

Post by Gwen Mors » Wed, 27 Jul 2005 07:28:49


X-No-Archive: Yes

Newbie question. This is for a mail server on my home FC4 machine.

I built the latest UW-IMAP imapd from source and moved it to
/usr/sbin/imapd

configured xinetd to run the following script on startup:

service imap
{
socket_type = stream
wait = no
user = root
server = /usr/sbin/imapd
log_on_success += HOST DURATION
log_on_failure += HOST
disable = no
}

added my localhost/local network machines to /etc/hosts.allow for imap:

#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#

imapd: 192.168.2.,127.0.0.1

made sure to restart the xinetd service (as well as eventually simply
rebooting the machine).

I configured kmail to check an IMAP account on "localhost" on port 143.


Here's where things break down. I type in the user name and password of
my regular (non-root) user account.

kmail gives me this error message:
Unable to login. Probably the password is wrong.
The server replied:
LOGIN failed

When I telnet to 143, it appears the server is up and running:

[goldmoon@localhost ~]$ telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS STARTTLS
LOGINDISABLED] localhost.localdomain IMAP4rev1 2004.357 at Mon, 25 Jul
2005 18:22:11 -0400 (EDT)

So, now the question becomes, what do I do so that I can log into this
server? Do I have to configure "accounts" in a specific file? Did I
miss a key step?

Gwen
 
 
 

UW-IMAP Newbie can't log into new server

Post by Mark Crisp » Wed, 03 Aug 2005 02:15:01


The key is the "LOGINDISABLED".

By default, UW imapd will not permit plaintext password authentication on
an unencrypted IMAP session. To log in, you must do one of the following:
. negotiate TLS encryption (STARTTLS command on port 143 server)
. negotiate SSL encryption (port 993 server)
. use a non-plaintext means of authentication, such as Kerberos or
CRAM-MD5

To build UW imapd so it permits plaintext password authentication on
unencrypted IMAP sessions, read the imap-200?/docs/BUILD and
imap-200?/docs/SSLBUILD files. Note, however, that doing plaintext
password authentication on an unencrypted IMAP session is the m ***
equivalent of reading your credit card number and expiration date on a pay
phone in an airport; anyone can eavesdrop upon you and thus steal your
password.

Unencrypted sessions have another problem; it is trivial to hijack the
session and once seized use your authenticated session for nefarious
purposes. In general, it's better to use encrypted sessions exclusively.

-- Mark --

http://www.yqcomputer.com/
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.